Atlantis - Setting up in Kubernetes without sensitive values

In this article we are going to explore setting up Atlantis in Alibaba. You can also set it up in AWS EKS. This tutorial differs slightly from most: instead of storing the sensitive passwords in the YAML file, we reference them from Kubernetes secrets.

To Install

  1. First go to Alicloud and create a user dev-atlantis-user, then get its AccessKeyId and AccessKeySecret. Ensure that it has sufficient rights to create resources. This usually means admin rights, but do pick the admin rights you want to provide.

  2. Next, in your Kubernetes cluster, create a namespace called atlantis

     kubectl create namespace atlantis
    
  3. In the atlantis namespace, create a secret called dev-atlantis-user and put in your AccessKeyID and AccessKeySecret

     kubectl create secret generic dev-atlantis-user \
         -n atlantis \
         --from-literal=AccessKeyID=admin123 \
         --from-literal=AccessKeySecret='S!B\*d$zDsb='
    
  4. In the atlantis namespace, create a secret called dev-atlantis-web-secrets. This stores the username and password used to log in to the Atlantis website

     kubectl create secret generic dev-atlantis-web-secrets \
         -n atlantis \
         --from-literal=username=admin \
         --from-literal=password='S!B\*d$zDsb='
    
  5. Next go to GitHub and create a personal access token (PAT).

    In the Terraform repository you want Atlantis to monitor (in this demo I am using github.com/squid-labs/dev-infrastructure), add in the webhook secret. The value of the webhook secret is something you can generate yourself.

  6. In the atlantis namespace, create a secret called dev-atlantis-github-webhook-secrets. This is used to access the GitHub repository and make changes.

     kubectl create secret generic dev-atlantis-github-webhook-secrets \
         -n atlantis \
         --from-literal=ATLANTIS_GH_USER=admin \
         --from-literal=ATLANTIS_GH_WEBHOOK_SECRET='S!B\*d$zDsb=' \
         --from-literal=ATLANTIS_GH_TOKEN='S!B\*d$zDsb='
    
  7. Atlantis has an official Helm chart

    Add the runatlantis Helm chart repository to Helm

     helm repo add runatlantis https://runatlantis.github.io/helm-charts
    
  8. cd into a directory where you're going to configure your Atlantis Helm chart

  9. Create a values.yaml file by running

     helm inspect values runatlantis/atlantis > values.yaml
    
  10. This is where we need to configure the variables. Pay attention to them, especially your domain. Get the script here

    https://github.com/squid-labs/dev-infrastructure/

  11. In your Kubernetes cluster, run

    helm install atlantis runatlantis/atlantis -f values.yaml -n atlantis
    
  12. After that, remember to point your domain to the IP of the pod. In Alicloud it is usually the ClusterIP, whose IP is permanent.

  13. For the rest, including how it looks, refer to this

    https://squid.hashnode.dev/architecture-designing-a-cicd-part-2-using-github-terraform-atlantis-to-deploy-aws-resources
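
For step 10, here is how the values.yaml overrides can reference the three secrets from steps 3, 4 and 6 instead of carrying the values inline. This is an added example, not the script from the repository linked above. It assumes the secrets exist in the atlantis namespace, uses the placeholder domain atlantis.example.com, and assumes the Alibaba Cloud Terraform provider is configured through its ALICLOUD_ACCESS_KEY and ALICLOUD_SECRET_KEY environment variables.

```yaml
# Added example, not the author's values.yaml. Only the keys changed from the
# chart defaults are shown. Leave the chart's inline `github` and `basicAuth`
# values at their empty defaults so nothing sensitive is written to this file
# or stored with the Helm release.

# Placeholder domain: replace with the domain you point at Atlantis (step 12).
atlantisUrl: https://atlantis.example.com

# Repository Atlantis accepts webhooks from (the demo repository from step 5).
orgAllowlist: github.com/squid-labs/dev-infrastructure

# Web login: the chart reads the "username" and "password" keys of this
# Secret (created in step 4).
basicAuthSecretName: dev-atlantis-web-secrets

# GitHub credentials: every key of a Secret listed here becomes an environment
# variable of the same name, so ATLANTIS_GH_USER, ATLANTIS_GH_TOKEN and
# ATLANTIS_GH_WEBHOOK_SECRET (step 6) reach Atlantis under the names it reads.
loadEnvFromSecrets:
  - dev-atlantis-github-webhook-secrets

# Alibaba Cloud credentials (step 3): the Secret keys do not match the
# variable names Terraform expects, so each one is mapped explicitly.
environmentSecrets:
  - name: ALICLOUD_ACCESS_KEY
    secretKeyRef:
      name: dev-atlantis-user
      key: AccessKeyID
  - name: ALICLOUD_SECRET_KEY
    secretKeyRef:
      name: dev-atlantis-user
      key: AccessKeySecret
```

Before installing, `helm template atlantis runatlantis/atlantis -f values.yaml -n atlantis` renders the manifests locally, which lets you confirm that only secret names and keys appear in the output and none of the secret values.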